/**
 * \file mbedtls/config_adjust_ssl.h
 * \brief Adjust TLS configuration
 *
 * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
 * configurations need to be explicitly enabled by the user: enabling
 * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
 * compilation error. However, we do automatically enable certain options
 * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
 * used to identify parts of a module that are used by other modules, and we
 * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
 * Another case is if A didn't depend on B in earlier versions, and we
 * want to use B in A but we need to preserve backward compatibility with
 * configurations that explicitly activate MBEDTLS_xxx_A but not
 * MBEDTLS_xxx_B.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
#define MBEDTLS_CONFIG_ADJUST_SSL_H

/*
 * Cascade "protocol disabled" down to the options that only make sense with
 * that protocol, so a configuration can switch off TLS as a whole, or just
 * TLS 1.2, TLS 1.3 or DTLS, without listing every dependent key exchange,
 * option and extension by hand.
 *
 * Review note: every #undef below is silent. An option that the user
 * configuration explicitly enables is dropped without any diagnostic when
 * its parent protocol is not enabled, so audit the configuration as seen
 * after this header has been processed, not the user configuration file
 * alone. The blocks only act on macros that are already defined at the
 * point where this header is included.
 */

/*
 * No TLS core module: drop both endpoint roles and every protocol version.
 * This block must stay first, because the blocks below test the
 * MBEDTLS_SSL_PROTO_xxx macros that it may remove.
 */
#ifndef MBEDTLS_SSL_TLS_C
#undef MBEDTLS_SSL_PROTO_DTLS
#undef MBEDTLS_SSL_PROTO_TLS1_2
#undef MBEDTLS_SSL_PROTO_TLS1_3
#undef MBEDTLS_SSL_SRV_C
#undef MBEDTLS_SSL_CLI_C
#endif /* !MBEDTLS_SSL_TLS_C */

/* No DTLS: drop the DTLS-only options (anti-replay, connection ID,
 * HelloVerify, SRTP, client port reuse). */
#ifndef MBEDTLS_SSL_PROTO_DTLS
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
#undef MBEDTLS_SSL_DTLS_SRTP
#endif /* !MBEDTLS_SSL_PROTO_DTLS */

/* No TLS 1.2: drop the TLS 1.2 extensions and renegotiation, then every
 * MBEDTLS_KEY_EXCHANGE_xxx_ENABLED key exchange. */
#ifndef MBEDTLS_SSL_PROTO_TLS1_2
/* Protocol options. */
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
/* Key exchanges named after RSA or ECDSA. */
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
/* Pre-shared-key key exchanges. */
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
/* EC J-PAKE key exchange. */
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#endif /* !MBEDTLS_SSL_PROTO_TLS1_2 */

/* No TLS 1.3: drop its key exchange modes and early data. */
#ifndef MBEDTLS_SSL_PROTO_TLS1_3
#undef MBEDTLS_SSL_EARLY_DATA
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */

/*
 * Derived symbol: defined when TLS 1.2 is enabled together with at least one
 * of ECDH, ECDSA or the EC J-PAKE key exchange. What it gates is not visible
 * in this header.
 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#define MBEDTLS_SSL_TLS1_2_SOME_ECC
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */